I was wondering how to disable user accounts in OpenNebula. For our external users we are using the
public driver, is quite common in our site that some users are active and then unactive for a specific period of time (some of them are students and professors). I don’t know if its possible to disable an account in ONE without deleting it, we want to keep the user id account and the user images just in case.
Do you know an easy way to do that? Probably changing the auth driver to something else (that does not exist)?:
oneuser chauth username --driver disabled
An then if we want to activate the user accont again:
oneuser chauth username --driver public
That’s ok? Any other option?
Thanks in advance!
I wanted to follow up on this because it seems that nobody else responded to the original
In the output of “oneuser show” you see the following:
[root@fclheadppgpvm01 ~]# oneuser show timm
USER 3 INFORMATION
ID : 3
NAME : timm
GROUP : oneadmin
SECONDARY GROUPS: 0,1
PASSWORD : xxxxxxxxxxx
AUTH_DRIVER : x509
ENABLED : Yes
So there’s an ENABLED field there but there is no way to oneuser enable/disable
at least not in OpenNebula 4.8. Is there any plans to add one?
I would prefer not to delete the users from my database, for historical information but I do need to make it so they can’t launch any new VM’s.
I have the similar situation here, but I use LDAP auth. Disabled users just disappear from the LDAP subtree, so they are not able to log in to ONe anymore. However, there are other problems - their VMs keep running, so I would probably want to shutdown them, and after some time (one month?) undeploy them and delete their images/templates/…
So I think I would have to write a synchronization script for all those things anyway.
Setting a disabled driver is a good temporary solution, however we have the
generic operation enable/disable that is not currently exposed by the User
objects. I’ll fill an issue for this…
Right now can I change:
ENABLED to ENABLED : NO for disabling user ?
Hi @Alexey_Shalin, @ruben
That is a good question, now with the new 5.2.0 version I can also see running oneuser info:
AUTH_DRIVER : core
ENABLED : Yes
But I do not know if is possible to disable/enable the users from the client.
oneuser disable is not available, and is not possible to do that just updating the user template or from Sunstone.
I using version 5.6.2, and not found any option for edit “Enabled” option using “oneuser” command. Was any modification for use this?